Small tweaks to bring in line with other Kubernetes tools

2025-04-18 16:06:53 +02:00 · 2025-04-18 16:06:53 +02:00 · 884c37aa1b
commit 884c37aa1b
parent 2d2ef6903b
12 changed files with 84 additions and 33 deletions
--- a/.cargo/audit.toml
+++ b/.cargo/audit.toml
@ -1,2 +1,2 @@
 [advisories]
-ignore = ["RUSTSEC-2024-0344"]
+ignore = ["RUSTSEC-2024-0344", "RUSTSEC-2025-0023"]
--- a/.cargo/config.toml
+++ b/.cargo/config.toml
@ -0,0 +1,2 @@
+[env]
+RUSTC_BOOTSTRAP = "1"
--- a/.dockerignore
+++ b/.dockerignore
@ -2,3 +2,4 @@
 !queries
 !src
 !Cargo.*
+!.cargo/config.toml
--- a/.gitea/workflows/build.yaml
+++ b/.gitea/workflows/build.yaml
@ -18,8 +18,12 @@ jobs:
      - name: Checkout
        uses: actions/checkout@v4

-      - name: Get Git commit timestamps
-        run: echo "TIMESTAMP=$(git log -1 --pretty=%ct)" >> $GITHUB_ENV
+      - name: Set timestamp and release version
+        run: |
+          echo "TIMESTAMP=$(git log -1 --pretty=%ct)" >> $GITHUB_ENV
+          git fetch --prune --unshallow --tags --force
+          echo "RELEASE_VERSION=$(git describe --always --dirty='--modified')" >> $GITHUB_ENV
+          cat $GITHUB_ENV

      - name: Login to registry
        uses: docker/login-action@v3
@ -52,25 +56,9 @@ jobs:
            type=semver,pattern=v{{major}}.{{minor}}
            type=semver,pattern=v{{major}}

-      - name: Build and export to docker
+      - name: Build container
        id: build
        uses: docker/build-push-action@v6
-        with:
-          context: .
-          load: true
-          annotations: ${{ steps.meta.outputs.annotations }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-        env:
-          SOURCE_DATE_EPOCH: ${{ env.TIMESTAMP }}
-
-      - name: Generate CRDs
-        run: |
-          docker run --rm ${{ steps.build.outputs.imageid }} /crdgen > ./manifests/crds.yaml
-
-      - name: Push container
-        uses: docker/build-push-action@v6
-        id: push
        with:
          context: .
          push: true
@ -78,20 +66,28 @@ jobs:
          provenance: mode=max
          tags: ${{ steps.meta.outputs.tags }}
          annotations: ${{ steps.meta.outputs.annotations }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          build-args: |
+            "RELEASE_VERSION=${{ env.RELEASE_VERSION }}"
        env:
          SOURCE_DATE_EPOCH: ${{ env.TIMESTAMP }}

+      - name: Generate CRDs
+        run: |
+          docker run --rm ${{ env.OCI_REPO }}@${{ steps.build.outputs.imageid }} /crdgen > ./manifests/crds.yaml
+
      - name: Kustomize manifests
        run: |
-          ./kustomize build ./manifests | sed "s/\${DIGEST}/${{ steps.push.outputs.digest }}/" > ./manifests.yaml
+          ./kustomize build ./manifests | sed "s/\${DIGEST}/${{ steps.build.outputs.digest }}/" > ./manifests.yaml

      - name: Push manifests
        run: |
-          flux push artifact oci://$OCI_REPO/manifests:latest \
+          flux push artifact oci://${{ env.OCI_REPO }}/manifests:${{ gitea.head_ref || gitea.ref_name }} \
            --path="./manifests.yaml" \
            --source="$(git config --get remote.origin.url)" \
            --revision="$(git rev-parse HEAD)" \
            $(echo "${{ steps.meta.outputs.labels }}" | sed -e 's/^/-a /')

-          flux tag artifact oci://$OCI_REPO/manifests:latest \
+          flux tag artifact oci://${{ env.OCI_REPO }}/manifests:${{ gitea.head_ref || gitea.ref_name }} \
            $(echo "${{ steps.meta.outputs.tags }}" | sed -e 's/^.*:/--tag /')
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@ -2,17 +2,19 @@ fail_fast: true

 repos:
  - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.6.0
+    rev: v5.0.0
    hooks:
      - id: trailing-whitespace
      - id: end-of-file-fixer
      - id: check-yaml
+        args:
+          - --allow-multiple-documents
      - id: check-toml
      - id: check-added-large-files
      - id: check-merge-conflict

  - repo: https://github.com/crate-ci/typos
-    rev: v1.21.0
+    rev: v1.31.1
    hooks:
      - id: typos
        args: ["--force-exclude"]
@ -43,6 +45,17 @@ repos:
        name: audit
        description: Audit packages
        entry: cargo audit
+        args: ["--deny", "warnings"]
+        language: system
+        pass_filenames: false
+        verbose: true
+        always_run: true
+
+      - id: udeps
+        name: unused
+        description: Check for unused crates
+        entry: cargo +nightly udeps
+        args: ["--workspace"]
        language: system
        types: [file]
        files: (\.rs|Cargo.lock)$
--- a/Cargo.lock
+++ b/Cargo.lock
@ -785,6 +785,26 @@ version = "0.31.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "07e28edb80900c19c28f1072f2e8aeca7fa06b23cd4169cefe1af5aa3260783f"

+[[package]]
+name = "git-version"
+version = "0.3.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1ad568aa3db0fcbc81f2f116137f263d7304f512a1209b35b85150d3ef88ad19"
+dependencies = [
+ "git-version-macro",
+]
+
+[[package]]
+name = "git-version-macro"
+version = "0.3.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "53010ccb100b96a67bc32c0175f0ed1426b31b655d562898e57325f81c023ac0"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.100",
+]
+
 [[package]]
 name = "gloo-timers"
 version = "0.3.0"
@ -1428,6 +1448,7 @@ dependencies = [
 "chrono",
 "cynic",
 "futures",
+ "git-version",
 "insta",
 "k8s-openapi",
 "kube",
--- a/Cargo.toml
+++ b/Cargo.toml
@ -34,6 +34,7 @@ reqwest = { version = "0.12.14", default-features = false, features = [
  "json",
  "rustls-tls",
 ] }
+git-version = "0.3.9"

 [dev-dependencies]
 insta = { workspace = true }
--- a/2
+++ b/2
@ -13,6 +13,8 @@ COPY --from=planner /app/recipe.json recipe.json
 RUN cargo chef cook --release --recipe-path recipe.json

 COPY . .
+ARG RELEASE_VERSION
+ENV RELEASE_VERSION=${RELEASE_VERSION}
 RUN cargo auditable build --release

 FROM gcr.io/distroless/cc-debian12:nonroot AS runtime
--- a/src/lib.rs
+++ b/src/lib.rs
@ -1,3 +1,7 @@
+#![feature(let_chains)]
 pub mod context;
 pub mod lldap;
 pub mod resources;
+mod version;
+
+pub use version::VERSION;
--- a/src/main.rs
+++ b/src/main.rs
@ -7,6 +7,7 @@ use kube::runtime::controller::{self, Action};
 use kube::runtime::reflector::ObjectRef;
 use kube::runtime::{Controller, watcher};
 use kube::{Api, Client as KubeClient, Resource};
+use lldap_controller::VERSION;
 use lldap_controller::context::Context;
 use lldap_controller::lldap::LldapConfig;
 use lldap_controller::resources::{
@ -47,7 +48,7 @@ async fn main() -> anyhow::Result<()> {
        Registry::default().with(logger).with(env_filter).init();
    }

-    info!("Starting controller");
+    info!(version = VERSION, "Starting");

    let client = KubeClient::try_default().await?;

--- a/src/resources/user_attribute.rs
+++ b/src/resources/user_attribute.rs
@ -1,19 +1,18 @@
 use std::time::Duration;

-use kube::{
-    Api, CELSchema, CustomResource,
-    api::{Patch, PatchParams},
-    runtime::controller::Action,
-};
+use kube::api::{Patch, PatchParams};
+use kube::runtime::controller::Action;
+use kube::{Api, CELSchema, CustomResource};
 use queries::AttributeType;
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
 use serde_json::json;
 use tracing::{debug, trace, warn};

-use crate::{context::ControllerEvents, lldap, resources::Error};
-
 use super::Reconcile;
+use crate::context::ControllerEvents;
+use crate::lldap;
+use crate::resources::Error;

 #[derive(Deserialize, Serialize, Clone, Copy, Debug, JsonSchema)]
 pub enum Type {
--- a/src/version.rs
+++ b/src/version.rs
@ -0,0 +1,11 @@
+pub const VERSION: &str = get_version();
+
+const fn get_version() -> &'static str {
+    if let Some(version) = std::option_env!("RELEASE_VERSION")
+        && !version.is_empty()
+    {
+        version
+    } else {
+        git_version::git_version!(fallback = "unknown")
+    }
+}